Toys "R" Us contacted customers that their passwords to their reward program account would be reset in order to avoid an unauthorized attempts to their rewards program account.

The company communicated that those notified did not necessarily have their accounts accessed, however, the risk was higher due to the discovery by the company of "recycled login details used by some of its customers."

Between January 28th and January 30th, 2015, the company discovered a number of "illegal login attempts made to its Rewards "R" Us accounts." The current announcement is an additional security measure so that other customer accounts cannot be accessed in a similar way. "Out of an abundance of caution, we are therefore treating your account password as compromised and taking appropriate steps to address the situation," in a letter sent by the company to its customers.

Jeb Bush's office inadvertently exposed 12,500 individuals' personal information as part of a larger cached file of 332,999 emails sent to him when he was the Governor of Florida.

The email was sent as part of a measure for transparency, however his team neglected to remove personal information if 12,500 of those individuals exposing names, Social Security numbers, and birthdates.

The office has since redacted the information, which were believed to have been individuals on a family services waiting list from 2003.

Anthem, the second largest health insurance company operating under Anthem Blue Cross, Anthem Blue Cross and Blue Shield Amerigroup and Healthlink has suffered a massive data breach.

The company announced that they have been the victim of a "very sophisticated external cyber attack" on their system. The information compromised includes names, birthdays, medical ID's, Social Security Numbers, street addresses, e-mail addresses, employment and income information.

Over the next several weeks, those who were affected will be receiving some form of identity theft protection.

For those members with questions regarding the breach, the company has set up a toll- free line at 1-877-263-79951-877-263-7995 FREE.

More Information: For the statement by Anthem's CEO Joseph R. Swedish and the dedicated website created for customer information, click here.

UPDATE (2/10/2015): As further investigations are pursued regarding the Anthem breach, research by Brian Krebs and others show that the hacking began as early as April 2014 and is pointing to Chines hacker group known as "Deep Panda".

At the time, Anthem was called Wellpoint, and upon further investigation Krebs "discovered a series of connected domain names that appear to imitate actual Wellpoint sites, including we11point.com and myhr.we11point.com."

Because these sites were contructed almost 10 months prior, the question has now been raised as to why it took the company such a long time to uncover the hacking.

Riverside Regional Medical Center notified patients of a databreach when one of their employee laptops used in their Opthamology and Dermatology clinics was stolen that contained patient information.

The information on the laptop included names, phone numbers, addresses, dates of birth, Social Security Numbers, and clinical information such as medical record numbers, physicians, diagnosis, treatments received, medical departments and health insurance information.

The facility has set up 12 months free of Experian's ProtectMyID Alert for those affected. For questions call 1-866-313-7993.

California Pacific Medical Center notified 844 patients of a data breach to their system when an employee accessed records without authorization.

A total of 844 patients between October 2013 and October 2014, were accessed by this person who has since been terminated. The information obtained included patient demographics, last four digits of Social Security number, clinical information such as diagnosis, clinical notes, and prescription information.

The company states that the employee did not have access to full Social Security numbers, credit card or financial information, driver's license numbers, or California identification numbers.

Sunglo Home Health Services notified customers/patients of a data breach when their facility was broken into and stole one of their company lap tops. The laptop contained patient information including Social Security Numbers and personal health information.

Mount Pleasant School District has informed approximately 915 present and former staff members that their personal information may have been compromised between January 18th 2015 and January 21st 2015.

A spokesperson for Mount Pleasant School District stated “Forest Hills
District had a denial of service and discovered they had been hacked,”
she said. “The district’s technology director found a Tweet that
mentioned us. She looked us up on the Web and called us to let us know
on Tuesday.”

When the technology
director for Mount Pleasant clicked on the link, it directed him to a file that included names, addresses and Social Security numbers”
of MPISD staff.

More Information: http://www.dailytribune.net/news/data-breach-hits-mpisd-employees/article_051ec5d0-a1d2-11e4-b1c7-afde4a6d4ed1.html

Information Source:Media

records from this breach used in our total: 915

January 16, 2015

Grill Parts.comSanta Rosa, California

BSR

HACK

Unknown

Grillparts.com notified customers of a data breach to their website from January 2014 through October 2014.

The information compromised included first and last names, addresses, personal card account numbers, expiration dates, and credit/debit card security codes. It is currently unknown or has not been reported as to the number of people who were affected.

The company is providing the services of Kroll identity theft protection for one year at no cost to those who might have been affected by the breach.

Visit kroll.idMonitoringService.com and follow the online instructions to take advantage of the Identity Theft Protection Services. You will need to enter the membership ID provided by the company sent in a letter to those whose information has been or could have been compromised.

Oppenheimer Funds was notified by a brokerage firm that works with Oppenheimer Funds that customer information that was mistakenly made available to a representative of the associated brokerage firm.

The information included names, addresses, Oppenheimer Fund account numbers and Social Security numbers.

The company is offering credit protection through Equifax Consumer Services, LLC. For those affected they can reach out to Equifax Consumer Services at 1-888-766-00081-888-766-0008 FREE for information regarding the credit monitoring. Oppenheimer Funds provided a monitoring code to all those affected. The company can be reached at 1-800-225-56771-800-225-5677 FREE Monday through Friday from 8:00am to 8:00pm Easter time or visit the website at www.oppenheimerfunds.com.

Lokai informed customers of a data breach to their system from July 18, 2014 to October 28, 2014 by hackers who gained access to their server that hosts their website. The hackers installed a program that was designed to record information entered by customers.

An employee of Morgan Stanley stole customer information on 350,000 clients including account numbers. Additional information on what other information was captured has not yet been released. Files for as many as 900 clients ended up on a website.

The employee has since been fired and the bank is notifying all of the individuals affected and the FBI is currently investigating the incidence.

Chic-Fil-A has announced they are investigating a possible data breach to their payment card system. They have not released any details as to the reality of the breach, however, many experts are predicting it could be extensive.

The restaurant chaind operates over 1,850 stores nationwide. Suspicious activity on their payment systems and a report provided to the on December 19, 2014 as to suspicious activity, prompted the company to launch an investigation.

Additional information will be posted as soon as information is available.

Fast
food restaurant chain Chick-fil-A could well be the first retail breach
to be publicly confirmed in 2015. Chick-fil-A released a public
statement on Jan. 2, confirming that it is investigating a possible data
breach at its restaurants.
While Chick-fil-A's statement was issued on Jan. 2, the company admitted
that it received a report about a potential breach on Dec. 19. After
the report was received, Chick-fil-A indicated that it launched an
investigation to determine what had occurred.
"The initial report was of potential suspicious activity involving payment cards at a few restaurants," Chick-fil-A stated. "Our investigation is ongoing and we will update as we are able to do so."
Chick-fil-A reported 2013 sales of more than $5 billion and has over
1,850 locations, including both stand-alone restaurants and mall
locations. - See more at:
http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-breach-victim.html#sthash.JLp7Xcee.dpuf

Fast
food restaurant chain Chick-fil-A could well be the first retail breach
to be publicly confirmed in 2015. Chick-fil-A released a public
statement on Jan. 2, confirming that it is investigating a possible data
breach at its restaurants.
While Chick-fil-A's statement was issued on Jan. 2, the company admitted
that it received a report about a potential breach on Dec. 19. After
the report was received, Chick-fil-A indicated that it launched an
investigation to determine what had occurred.
"The initial report was of potential suspicious activity involving payment cards at a few restaurants," Chick-fil-A stated. "Our investigation is ongoing and we will update as we are able to do so."
Chick-fil-A reported 2013 sales of more than $5 billion and has over
1,850 locations, including both stand-alone restaurants and mall
locations. - See more at:
http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-breach-victim.html#sthash.JLp7Xcee.dpuf

Information Source:Media

records from this breach used in our total: 0

December 29, 2014

LeapLab,

BSO

INSD

Unknown

LeapLab is being sued by the Federal Trade Commission for purchasing "payday loan applications of financially strapped consumers, and then sold that information to marketers whom it knew had no legitimate need for it".

In another FTC case, Ideal Financial Solutions, used this information sold to them to withdraw millions of dollars from individual accounts without permission.

PlayStation and xBox networks over the holiday season. A group calling itself "LizardSquad" hacked both gaming networks on Christmas Day.

According to the group and KrebsOnSecurity, "various statements posted by self-described LizardSquad members on their open online chat forum - chat.lizardpartrol.com - suggest that these misguided individuals launched the attack for no other reason than because they thought it would be amusing to annoy and dissapoint people who received new Xbox and Playstation consoles as holiday gifts"

Microsoft Xbox Live networks were hacked by a group called "LizardSquad", preventing users from playing games over the holiday.

The assault was a DDoS attack (distributed denial-of-service) which "harness the Internet connectivity of many hacked or misconfigured systems so that those systems are forced to simultaneously flood target network with junk Internet traffic. The goal, of course, is to prevent legitimate visitors from being able to load the site or use the service under attack."

On November 14, 2014 an employee laptop and hard drive were stolen when their car was broken into. According to the company the laptop was password protected.

The information stored on the laptop included images taken during the course of treatment, names, banking, full routing numbers, credit card numbers, some financing applications that included Social Security Numbers, dates of birth, mailing address, email address, income, rent payments and employer names.

The company is providing 12 months free of AllClearID, call 1-877-437-3998

Corday Productions, Inc. has payroll administered by Sony Pictures Entertainment. As part of the Sony breach, Corday Production Inc.'s employees, independent contractors or employees of contractors providing services to Corday may have had personal information compromised.

The incident is still under investigation as part of the larger Sony investigation. Corday is offering AllClear ID to those who may have been affected. They can be contacted at 1-855-434-80771-855-434-8077 or https://www.allclearid.com/

Rob Kirby CPA notified customers of a data breach when the car he was driving was broken into and his briefcase, a password protected laptop and flash drive containing confidential client information was stolen.

The information stolen included tax returns for current and previous years, copies of supporting documents associated with the returns, including names, addresses, birth dates, and Social Security numbers for clients, spouses, and dependents.

Acosta, Inc. and its subsidiaries (Mosaic Sales Solutions US Operating Co. LLC) informed customers of a data breach when an employee of their Human Resources department had a laptop containing personal information stolen from their car on November 11, 2014.

For those affected, the company has set up a toll free number to assist with questions at 1-877-237-49711-877-237-4971 Monday through Friday 9:00 a.m to 7:00 p.m Eastern Standard Time. The reference number to the incident is #5316120814.

The University of California Berkeley has notified individuals of a data breach in their Real Estate Division that resulted in unauthorized access to servers used to support a number of Real Estate programs and work stations.

These workstations contained files that included some personal information. The investigation of the hacking showed that these servers were breached in mid-to late September.

The university is offering identity theft protection and fraud resolution through ID Experts for free for one year. For those affected call 1-877-846-63401-877-846-6340 Monday through Friday from 6 a.m to 6 p.m Pacific Time or go to www.myidcare.com/ucbinfo.

Emcor Services Mesa Energy Systems notified individual of a data breach when a company laptop was stolen that contained customers personal information.

The information contained on thelaptop included names, Social Security numbers, dates of birth, dates of hire, addresses, salaries, gender and ethnicity. The theft occurred on or around November 25, 2014.

The company is offering the services of Kroll for one year at no cost. For those who were affected they can call 1-866-775-42091-866-775-4209 from 8:00 a.m to 5 p.m Central Time, Monday through Friday.

For those with questions for the company can call Mike Cook at 1-949-460-46051-949-460-4605.

ABM Parking Services notified customers of a data breach when the point of sale software system implemented by Datapark USA Inc, a third party vendor for several Chicago, Illinois parking facilities was hacked. The information was compromised from October 6, 2014 through October 31, 2014.

The hackers were able to compromise certain customer credit and debit card information, including payment card numbers.

A toll-free information line has been made available for those affected. Customers can call 1-877-238-37901-877-238-3790. The company is offering one year free of Experian's ProtectMyID Elite for those affected.

The electronic payment provider Charge Anywhere has notified individuals of a data breach of their networks when an unauthorized person(s) installed "sophisticated malware" that allowed the hackers to "capture segments of outbound network traffic" as the company has explained in a statement released December 9, 2014.

The company stated that transactions completed from August 17, 2014 through September 24, 2014 were compromised. However, information as far back as November 5, 2009 could have been captured as well.

"The incident is the latest reminder of what happens to businesses that
handle credit card data and other sensitive information and yet fail to
full encrypt the data as it traverses their network. The company has
provided a searchable list of merchants who may have been affected by the breach."

500 Monroe County residents were notified by WellCare Health of disclosure of some of their personal information when their Medicare records were "mishandled" by a sub-contractor for the insurer.

The insurers vendor had an error in their computer coding causing denial letters to be sent to the wrong members. The information on the letters included names, addresses, member ID numbers and general descriptions of the procedure. According to the insurer, no Social Security numbers or financial information was disclosed in the letter.

Subscribers with questions can call WellCare at (888) 240-4946(888) 240-4946.

Bebe Stores have notified customers of a data breach to their point of sale systems that took place last month for several weeks. The goal of the hackers was to obtain payment card information. The hacking took place between November 8, 2014 and November 26, 2014

The retailer is not stating how many cards were affected and the breach is currently being investigated by forensic IT specialists.

Dallas Fire-Rescue had several laptops containing patient information come up missing from several of their ambulances.

"According to the city, those computers disappeared between January 1,
2011, and August 29, 2014. The city’s release did not say how many
laptops were unaccounted for — or how they disappeared. Messages have
been left for Sana Syed, the city’s spokesperson."

No specific information was provided as to what information was in the files. For those patients who have questions can call the Dallas Fire-Rescue EMS staff at (844) 532-5527.

American Residuals and Talen Inc, dba ART Payroll, a specialized payroll company for the entertainment, advertising and events production industry, notified customers of a breach to their system when hackers infiltrated their servers and obtained personal information.

Highlands-Cashier hospital in North Carolina informed patients of a data breach to their servers that contained patient data. The disclosure of the data was due to an error by one of their third party vendors, TruBridge a subsidiary of Computer Programs and Systems, Inc. when they were contracted to complete some specialized computer services.

A data security screening caught the disclosure on September 29, 2014 that exposed patient information between May 2012 through September 2014.

The information exposed included patient names, addresses, dates of birth, treatment information, diagnosis, helath insurance information and Social Security numbers. All of this information could be accessed via the Internet.

For those who might have been affected you can call 1-888-227-14161-888-227-1416 Monday through Friday between 9:00 a.m and 9:00 p.m Eastern Time.

University Hospital has informed 692 patients of that their personal information has been compromised. An employee of the hospital had been accessing the personal information of patients for over 3 years. The employee has been dismissed.

Tiny Prints, Treat and Wedding Paper Divas, owned by Shutterfly Inc. notified customers of a data breach to their online system by hackers. The hacking may have exposed customer usernames and passwords. The company is urging customers to change all usernames and passwords to each site.

The Texas Health and Human Services department discovered a data breach it appears by "chance" after terminating their relationship with Xerox Corporation.

"In August, after the transition to a new Medicaid vendor, the Texas
commission filed a lawsuit against Xerox, alleging that the contractor
had failed to turn over computer equipment, as well as paper records,
containing Medicaid and health information for 2 million individuals,
"putting the state out of compliance with federal regulations and at
risk of massive federal fines," says a statement issued by Texas HHSC in August."

The Texas Health and Human Services department has notified individuals of the data breach communicating that their information may have been compromised. The information includes "Medicaid clients' names, birthdates, Medicaid numbers, and medical and
billing records related to care provided through Medicaid, such as
reports, diagnosis codes and photographs."

The State Compensation Insurance Fund, a state agency that provides workers compensation insurance to businesses informed customers of a data breach when one of their brokers suffered a data breach to their system.

Lucy Gomez Blankley Interpreting Inc., a provider of Stat Fund was the victim of a computer hack that resulted in theft of emails in which contained information regarding patient workers compensation claims.

Godiva notified employees of the company of a data breach when a Human Resources employee, who was traveling to retail sites, had a briefcase stolen from a car. The briefcase contained a lap top that had employee information on it. The lap top was not encrypted.

The information included names, addresses, Social Security numbers and drivers license numbers.

The company is providing Experian ProtectMyID Alert for 12 months for free. For questions call 1-866-328-1993 Monday through Friday 6:00 a.m to 6:00 p.m Pacific time.

Sony Pictures Entertainment has suffered a data breach when hackers posted threatening messages on company computers.

According to a report the threat "began with a skull appearing on screens, and then a strangely ominous
message telling users they’d been hacked by something called #GOP. It
gets more bizarre as the message claims this is just the beginning and
then threatens to release documents by 11 PM this evening."

The company has completely shut down all email communications and employees are not allowed to use company computers while the entertainment giant works through where and what the threat is and if it is real. The original threat did not give specifics or communicate any kind of "ransom" for the data that had supposedly been hacked.

UPDATE (12/5/2014): A data security analyst has discovered information leaked by the hacker (s) goes beyond what was originally reported.

According to the security company Identity Finder, showed that leaked files included vast amount of personal data on "more than 47,000 celebrities, freelancers, and current and former Sony employees".

"An analysis of 33,000 leaked Sony Pictures documents by data security
software firm Identity Finder showed that the leaked files included the
personal information, salaries and home addresses for employees and
freelancers who worked at the studio. Some of the celebrities include
Sylvester Stallone, director Judd Apatow and Australian actress Rebel
Wilson, according to the Wall Street Journal, which first reported on the analysis".

Additional information such as contracts, termination dates, termination reason and other data was also leaks. Unfortunately these files were in Excel format without any password protection.

UPDATE (12/16/2014): "Sony Pictures Entertainment has been sued
by two self-described former employees who accuse the movie
studio of failing to protect Social Security numbers, healthcare
records, salaries and other data from computer hackers who
attacked it last month.

The proposed class action lawsuit against Sony Corp's
studio was filed on Monday in federal court in
Los Angeles. It alleges that the company failed to secure its
computer network and protect confidential information."

The US State Department shut down one of its computer networks when it was believed to have been hacked. Experts believe this is related to the breach to the White House's unclassified computer network.

On Monday Jeff Rathke, a State Department spokesperson said "the department had recently detected "activity of concern" in portions of the system handling non-classified emails, and the weekend maintenance included security improvements responding to the breach."

on Monday, Rathke said
the department had recently detected "activity of concern" in portions
of the system handling non-classified emails, and the weekend
maintenance included security improvements responding to the breach.

on Monday, Rathke said
the department had recently detected "activity of concern" in portions
of the system handling non-classified emails, and the weekend
maintenance included security improvements responding to the breach.

The Seattle Public School District announced in a letter to parents Thursday about a data breach that involved their children's information.

"Late Tuesday night Seattle Public Schools learned that a law firm
retained by the district to handle a complaint against the district
inadvertently sent personally identifiable student information to an
individual involved in the case. The district promptly removed the law
firm from the case and is working to ensure that all improperly released
records are retrieved or destroyed."

Over 800 special education students were involved in a breach. The information involved in the breach included their names, addresses, student identification numbers, test scores and disabilities.

The Reeve-Wood Eye Center reported a data breach to the California Attorney General's office. No specific details were provided as to the scope of the breach, type of breach or individuals affected.

Information Source:California Attorney General

records from this breach used in our total: 0

November 13, 2014

U.S. Weather SystemWashington, District Of Columbia

GOV

HACK

Satellite systems that forecast weather

Officials from the National Oceanic and Atmospheric Administration (NOAA), which includes the National Weather Service, have notified officials of a data breach to the National Weather Service's satellite network.

It appears the system was affected in September, but officials did not communicate that there was a problem until late October. an NOAA spokesman Scott Smullen did confirm that there were hacks and communicated that "incident response began immediately".

Dallas-based Onsite Health Diagnostics, a third party contractor with state of Tennessee, who completes medical testing and health screenings for various government insurance plans has suffered a data breach. The company discovered hackers had gained access to a computer system that houses personal information for members of the Tennessee's State Insurance Plan, Local Government Insurance Plan and Local Education Insurance plan.

The information affected in the breach included health benefit member names, dates of birth, addresses, emails, phone numbers and gender.

The US Postal Service is releasing information today that they have been the victim of a cyber attack with Chinese hackers being suspected of hacking into their computer networks compromising the information of over 800,000 employees.

Currently the FBI is investigating the breach and it appears that information obtained included names, dates of birth, Social Security
numbers, addresses, dates of employment. According to officials, all postal service employees were affected and they are not yet clear why their information was of interest to these hackers. They are not seeing any evidence of customer information being compromised. The investigators are calling the hackers "sophisticated actors". More information will be posted as additional information comes out with the investigation.

Anthem Blue Cross in California sent text emails with personal details about individuals health information and member specific demographic information such as age, language spoken, specific medical test received or not received as part of the text message.

The company is reviewing whether or not they have to report this information as part of the specific notification laws in California, which does include the breach of medical history, mental or physical condition, medical treatment or diagnosis by a health care professional.

A spokesperson for Blue Cross stated that they are investigating the incident.

Fidelity National Financial, Inc (FNF) informed customers of a breach to their system due to a targeted phishing attack to certain employees.

FNF is the parent company of Ticor Title Company of Oregon, Ticor Title of Nevada, Inc., Lawyers Title Company, and Lawyers Title of Oregon, LLC, which provides title insurance and real estate settlement services in Oregon, Nevada, and/or California.

From April 14, 2014 and April 16, 2014 a certain number of employees were targeted in a phishing attack that allowed the hackers to obtain username and password information for employees of the company. The company hosts their email with a third party vendor and after investigating did not find any evidence that the hackers were able to breach FNF's internal network or systems.

However, the investigation did reveal that personal information was obtained including Social Security numbers, bank account numbers, credit/debit card numbers and driver's license numbers.

The company is offering 12 months free of AllClear ID to those affected. Those affected can call 1-877-676-03741-877-676-0374 to reach an AllClear investigator.

The Palm Springs Federal Credit Union was conducting an audit of their systems and realized that one of their external hard drives that contained customer data was missing.

The information contained on the drive included customer names, addresses, Social Security Numbers and account numbers.

The credit union is offering AllClearID and AllClearID Pro for 12 months at no cost to those who were affected by this breach. For those with questions they can call 1-866-979-25951-866-979-2595 or the credit union at dpitigliano@palmspringsfcu.com.

UPDATE (1/16/2015): The National Credit Union Administration has announced that it will be paying Palm Springs Federal Credit Union $50,000 to help cover expenses incurred due to a data breach the credit union suffered. The regulatory agency is taking responsibility for the breach.